ByteOS Network

Vulnerability Details :

CVE-2025-60183

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-20 Feb, 2026 | 15:46

Updated At-27 Feb, 2026 | 16:57

WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:20 Feb, 2026 | 15:46

Updated At:27 Feb, 2026 | 16:57

▼CVE Numbering Authority (CNA)

WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

silence

Product

Silencesoft RSS Reader

Collection URL

https://wordpress.org/plugins

Package Name

external-rss-reader

Default Status

unaffected

Versions

Affected

From n/a through <= 0.6 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impacts

CAPEC ID	Description
CAPEC-592	Stored XSS

CAPEC ID: CAPEC-592

Description: Stored XSS

Credits

finder

Nabil Irawan | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:20 Feb, 2026 | 16:22

Updated At:27 Feb, 2026 | 17:16

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1204Records found

CVE-2023-23982

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:49

Updated-10 Jan, 2025 | 19:11

WordPress WPFrom Email Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.

Vendor-wpfrom_email_project WPGear.Pro

Product-wpfrom_email WPFrom Email

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24397

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:41

Updated-24 Sep, 2024 | 19:08

WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.

Vendor-reservation Reservation.Studio

Product-reservation.studio Reservation.Studio widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24383

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.24%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:12

Updated-10 Jan, 2025 | 19:08

WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.

Vendor-kibokolabs Kiboko Labs

Product-namaste\!_lms Namaste! LMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24412

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:44

Updated-24 Sep, 2024 | 19:07

WordPress Image Social Feed Plugin Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.

Vendor-web-settler Web-Settler

Product-image_social_feed Image Social Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24385

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.46%

7 Day CHG~0.00%

Published-17 Oct, 2023 | 08:58

Updated-13 Sep, 2024 | 15:55

WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.

Vendor-davidlingren David Lingren

Product-media_library_assistant Media Library Assistant

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25046

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 25.03%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 09:26

Updated-02 Aug, 2024 | 13:44

WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.

Vendor-podlove Podlove

Product-podlove_podcast_publisher Podlove Podcast Publisher

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23996

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.24% / 47.12%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:46

Updated-10 Jan, 2025 | 19:10

WordPress ProfilePress Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions.

Vendor-properfraction ProfilePress Membership Team

Product-profilepress ProfilePress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23981

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:43

Updated-10 Jan, 2025 | 19:11

WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.

Vendor-quantumcloud QuantumCloud

Product-conversational_forms_for_chatbot Conversational Forms for ChatBot

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24389

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.09%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 09:01

Updated-25 Sep, 2024 | 15:15

WordPress Social Proof (Testimonial) Slider Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.

Vendor-brandid brandiD

Product-social_proof_\(testimonial\)_slider Social Proof (Testimonial) Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25027

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:46

Updated-10 Jan, 2025 | 19:00

WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.

Vendor-kibokolabs Kiboko Labs

Product-chained_quiz Chained Quiz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34428

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.28% / 50.92%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:15

Updated-02 Aug, 2024 | 02:51

WordPress AWSOM News Announcement plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harknell AWSOM News Announcement allows Stored XSS.This issue affects AWSOM News Announcement: from n/a through 1.6.0.

Vendor-Harknell harknell

Product-AWSOM News Announcement awsom_news_announcement

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34418

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.19% / 40.39%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:32

Updated-02 Aug, 2024 | 02:51

WordPress WPCS ( WordPress Custom Search ) plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS.This issue affects WPCS ( WordPress Custom Search ): from n/a through 1.1.

Vendor-Tech9logy Creators tech9logy_creators

Product-WPCS ( WordPress Custom Search )wordpress_custom_search

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23971

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:04

Updated-19 Feb, 2025 | 21:35

WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.

Vendor-CodePeople

Product-wp_time_slots_booking_form WP Time Slots Booking Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-11 May, 2023 | 09:46

Updated-09 Jan, 2025 | 15:17

WordPress UserAgent-Spy Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions.

Vendor-useragent-spy_project Fernando Briano

Product-useragent-spy UserAgent-Spy

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24387

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.24%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:57

Updated-10 Jan, 2025 | 19:07

WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.

Vendor-WpDevArt

Product-organization_chart Organization chart

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33639

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.24%

7 Day CHG~0.00%

Published-26 Apr, 2024 | 07:19

Updated-11 Apr, 2025 | 14:09

WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1.

Vendor-accessally AccessAlly

Product-popupally PopupAlly

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33943

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.58%

7 Day CHG~0.00%

Published-03 May, 2024 | 06:58

Updated-02 Aug, 2024 | 02:42

WordPress Ultimate Under Construction plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyKite Ultimate Under Construction allows Stored XSS.This issue affects Ultimate Under Construction: from n/a through 1.9.3.

Vendor-HappyKite happykite

Product-Ultimate Under Construction ultimate_under_construction

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23998

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:42

Updated-02 Aug, 2024 | 13:44

WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions.

Vendor-e4jconnect E4J s.r.l.

Product-vikrentcar VikRentCar Car Rental Management System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24394

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 15.07%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:23

Updated-24 Sep, 2024 | 19:25

WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.

Vendor-iframe_project Gopi Ramasamy

Product-iframe iframe popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24376

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.09%

7 Day CHG~0.00%

Published-08 May, 2023 | 21:37

Updated-19 Feb, 2025 | 21:31

WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.

Vendor-wp_simple_events_project Nico Graff

Product-wp_simple_events WP Simple Events

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24381

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.24%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:47

Updated-02 Aug, 2024 | 13:45

WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.

Vendor-nsthemes NsThemes

Product-advanced_social_pixel Advanced Social Pixel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24006

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:55

Updated-19 Feb, 2025 | 21:35

WordPress WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.

Vendor-linksoftwarellc Link Software LLC

Product-wp_terms_popup WP Terms Popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24004

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:00

Updated-10 Jan, 2025 | 19:10

WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.

Vendor-WpDevArt

Product-download_image_and_video_lightbox\,_image_popup Image and Video Lightbox, Image PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24406

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:01

Updated-02 Aug, 2024 | 13:41

WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.

Vendor-simple_popup_project Muneeb ur Rehman

Product-simple_popup Simple PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24401

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:48

Updated-24 Sep, 2024 | 19:28

WordPress Mobile Call Now & Map Buttons Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.

Vendor-davidsword Davidsword

Product-mobile_call_now_\&_map_buttons Mobile Call Now & Map Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24396

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.24%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:14

Updated-02 Aug, 2024 | 13:44

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.

Vendor-vikwp E4J s.r.l.

Product-vikbooking_hotel_booking_engine_\&_pms VikBooking Hotel Booking Engine & PMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34424

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.28% / 50.92%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:21

Updated-02 Aug, 2024 | 02:51

WordPress Featured Content Gallery plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iePlexus Featured Content Gallery allows Stored XSS.This issue affects Featured Content Gallery: from n/a through 3.2.0.

Vendor-iePlexus

Product-Featured Content Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34375

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.58%

7 Day CHG~0.00%

Published-06 May, 2024 | 18:28

Updated-02 Aug, 2024 | 02:51

WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0.

Vendor-WPPOOL

Product-Sheets To WP Table Live Sync

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25797

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:25

Updated-16 Jan, 2026 | 17:21

WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.

Vendor-vibethemes Mr.Vibe

Product-vslider vSlider Multi Image Slider for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25022

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:40

Updated-10 Jan, 2025 | 19:00

WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.

Vendor-kibokolabs Kiboko Labs

Product-watu_quiz Watu Quiz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25042

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:48

Updated-24 Sep, 2024 | 19:07

WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions.

Vendor-stormconsultancy Liam Gladdy (Storm Consultancy)

Product-oauth_twitter_feed_for_developers oAuth Twitter Feed for Developers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33692

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 31.69%

7 Day CHG~0.00%

Published-26 Apr, 2024 | 12:46

Updated-02 Aug, 2024 | 02:36

WordPress Smart Recent Posts Widget plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3.

Vendor-Satrya

Product-Smart Recent Posts Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34430

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.28% / 50.92%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:12

Updated-02 Aug, 2024 | 02:51

WordPress TT Custom Post Type Creator plugin <=1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rashed Latif TT Custom Post Type Creator allows Stored XSS.This issue affects TT Custom Post Type Creator: from n/a through 1.0.

Vendor-Rashed Latif

Product-TT Custom Post Type Creator

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22690

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-15 May, 2023 | 10:22

Updated-02 Aug, 2024 | 13:40

WordPress Ebook Store Plugin <= 5.775 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions.

Vendor-shopfiles Shopfiles Ltd

Product-ebook_store Ebook Store

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-53464

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.65%

7 Day CHG~0.00%

Published-22 Sep, 2025 | 18:25

Updated-23 Sep, 2025 | 13:43

WordPress WP Mailto Links Plugin <= 3.1.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ironikus WP Mailto Links allows Stored XSS. This issue affects WP Mailto Links: from n/a through 3.1.4.

Vendor-Ironikus

Product-WP Mailto Links

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23788

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:15

Updated-09 Jan, 2025 | 15:21

WordPress Custom More Link Complete Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions.

Vendor-custom_more_link_complete_project Florin Arjocu

Product-custom_more_link_complete Custom More Link Complete

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23812

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:38

Updated-19 Feb, 2025 | 21:31

WordPress Enhanced WP Contact Form Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

Vendor-enhanced_wp_contact_form_project Joost de Valk

Product-enhanced_wp_contact_form Enhanced WP Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23785

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 14:12

Updated-09 Jan, 2025 | 15:30

WordPress Exquisite PayPal Donation Plugin <= v2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions.

Vendor-exquisite_paypal_donation_project DgCult

Product-exquisite_paypal_donation Exquisite PayPal Donation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23793

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-09 May, 2023 | 09:53

Updated-09 Jan, 2025 | 15:23

WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions.

Vendor-8web Eightweb Interactive

Product-read_more_without_refresh Read More Without Refresh

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22680

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 24.95%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 11:36

Updated-10 Jan, 2025 | 19:19

WordPress No API Amazon Affiliate Plugin <= 4.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Altanic No API Amazon Affiliate plugin <= 4.2.2 versions.

Vendor-altanic Altanic

Product-no_api_amazon_affiliate No API Amazon Affiliate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22679

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 11:31

Updated-19 Feb, 2025 | 21:40

WordPress WP Better Emails Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nicolas Lemoine WP Better Emails plugin <= 0.4 versions.

Vendor-wp_better_emails_project Nicolas Lemoine

Product-wp_better_emails WP Better Emails

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23799

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:39

Updated-10 Jan, 2025 | 18:56

WordPress Easy Panorama Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions.

Vendor-easy_panorama_project Leonardo Giacone

Product-easy_panorama Easy Panorama

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23732

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:29

Updated-02 Aug, 2024 | 13:41

WordPress Disqus Conditional Load Plugin <= 11.0.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions.

Vendor-disqus_conditional_load_project Joel James

Product-disqus_conditional_load Disqus Conditional Load

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23819

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:09

Updated-19 Feb, 2025 | 21:29

WordPress itemprop WP for SERP/SEO Rich snippets Plugin <= 3.5.201706131 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions.

Vendor-itemprop_wp_for_serp\/seo_rich_snippets_project Rolands Umbrovskis

Product-itemprop_wp_for_serp\/seo_rich_snippets itemprop WP for SERP/SEO Rich snippets

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23707

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.39%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:12

Updated-02 Aug, 2024 | 13:45

WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions.

Vendor-AWSM Digital Innovations

Product-embed_any_document Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2023-22716

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 12:15

Updated-10 Jan, 2025 | 19:17

WordPress OOPSpam Anti-Spam Plugin <= 1.1.35 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.

Vendor-oopspam OOPSpam

Product-oopspam_anti-spam OOPSpam Anti-Spam

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22685

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:24

Updated-09 Jan, 2025 | 15:16

WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions.

Vendor-Ruhul Amin Tips and Tricks HQ

Product-category_specific_rss_feed_subscription Category Specific RSS feed Subscription

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22707

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.39%